First up is Heise Security’s takedown of the new application-based firewall in Leopard, which Apple promises will specify the behavior of specific applications to either allow or block incoming connections.

The most important task for any firewall is to keep out uninvited guests. In particular, this means sealing off local services to prevent access from potentially hostile networks, such as the internet or wireless networks.

But a quick look at the firewall configuration in the Mac OS X Leopard shows that it is unable to do this. By default it is set to “Allow all incoming connections,” i.e. it is deactivated. Worse still, a user who, for security purposes, has previously activated the firewall on his or her Mac will find that, after upgrading to Leopard, the system restarts with the firewall deactivated.

In contrast to, for example, Windows Vista, the Leopard firewall settings fail to distinguish between trusted networks, such as a protected company network, and potentially dangerous wireless networks in airports or even direct internet connections. Leopard initially takes the magnanimous position of trusting all networks equally.